摘要: |
控制流完整性(CFI)是一种在程序中通过保护间接转移有效减少代码注入和代码重用攻击等威胁的技术。由于二进制程序缺少源代码级别的语义, CFI策略的设定需要很谨慎。现有的面向二进制的CFI解决方案,如BinCFI和CCFIR,虽然能够提供对二进制程序的防护能力,但它们应用的策略过于宽松,依然会受到复杂的代码重用攻击。本文提出一种新的面向二进制的CFI保护方案,称为BinCC。它可以通过静态二进制重写为x86下的二进制程序提供细粒度保护。通过代码复制和静态分析,我们把二进制代码分成几个互斥代码块。再进一步将代码中的每个间接转移块归类为块间转移或块内转移,并分别应用严格CFI策略来限制这些转移。为了评估BinCC,我们引入新的指标来评估每种间接转移中合法目标的平均数量,以及利用call-precededgadgets产生ROP漏洞利用的难度。实验结果表明与BinCFI比较, BinCC显著地将合法转移目标降低了81.34%,并显著增加了攻击者绕过CFI限制实施复杂的ROP攻击的难度。另外,与BinCC可以降低大约14%的空间开销,而只提升了4%的运行开销。 |
关键词: 控制流完整性 |
DOI:10.19363/j.cnki.cn10-1380/tn.2016.02.006 |
投稿时间:2015-11-18修订日期:2016-03-15 |
基金项目:本课题得到国家科学基金会资助#1054605;美国空军研究实验室资助#FA8750-15-2-0106;中国的国家基础研究发展计划资助#2012CB315804;中国的国家自然科学基金资助#91418206;以及中国国家留学基金委(CSC)等机构出资支持。 |
|
Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries |
Minghua Wang,Heng Yin,Abhishek Vasisht Bhaskar,Purui Su,Dengguo Feng |
Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences;Syracuse University;State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences;University of Chinese Academy of Sciences |
Abstract: |
Control Flow Integrity (CFI) is an effective technique to mitigate threats such as code-injection and code-reuse attacks in programs by protecting indirect transfers. For stripped binaries, a CFI policy has to be made conservatively due to the lack of source code level semantics. Existing binary-only CFI solutions such as BinCFI and CCFIR demonstrate the ability to protectstripped binaries, but the policies they apply are too permissive, allowing sophisticated code-reuse attacks. In this paper, we propose a new binary-only CFI protection scheme called BinCC, which applies static binary rewriting to provide finer-grained protection for x86 stripped ELF binaries. Through code duplication and static analysis, we divide the binary code into several mutually exclusive code continents. We further classify each indirect transfer within a code continent as either an Intra-Continent transfer or an Inter-Continent transfer, and apply separate, strict CFI polices to constrain these transfers. To evaluate BinCC, we introduce new metrics to estimate the average amount of legitimate targets of each kind of indirect transfer as well as the difficulty to leverage call preceded gadgets to generate ROP exploits. Compared to the state of the art binary-only CFI, BinCFI, the experimental results show that BinCC significantly reduces the legitimate transfer targets by 81.34% and increases the difficulty for adversaries to bypass CFI restriction to launch sophisticated ROP attacks. Also, BinCC achieves a reasonable performance, around 14% of the space overhead decrease and only 4% runtime overhead increase as compared to BinCFI. |
Key words: control flow integrity |